diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index b321c04e574c..e35ea0c7b927 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -69,9 +69,9 @@ let
plugins = mkOption {
type = types.listOf (types.enum [
"cert.der" "cert.pem" "chain.pem" "external.sh"
- "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json"
+ "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json" "account_reg.json"
]);
- default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+ default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json" ];
description = ''
Plugins to enable. With default settings simp_le will
store public certificate bundle in fullchain.pem,
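Review bot: The `description` text that starts at the end of this hunk lists what simp_le stores under the default plugins, and with `account_reg.json` now in `default` that text is probably out of date. The description continues outside the hunk, so this could not be confirmed here. If the new file is not mentioned, add a clause such as `and the account registration in account_reg.json` next to the existing mention of the account key. It is also worth noting for users who set `plugins` explicitly that their list does not gain the new entry automatically.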
diff --git a/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch
new file mode 100644
index 000000000000..33f0cd216c1d
--- /dev/null
+++ b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch
@@ -0,0 +1,24 @@
+From 8ddf2697508eca514a0dde4646ad14ac3ba34b2a Mon Sep 17 00:00:00 2001
+From: Florian Klink
+Date: Fri, 18 Oct 2019 16:06:50 +0200
+Subject: [PATCH] pebble_artifacts: hardcode pebble location
+
+---
+ certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
+index 2b1557928..d2603c51a 100644
+--- a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
++++ b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
+@@ -22,6 +22,7 @@ def fetch(workspace):
+
+
+ def _fetch_asset(asset, suffix):
++ return "@pebble@"
+ asset_path = os.path.join(ASSETS_PATH, '{0}_{1}_{2}'.format(asset, PEBBLE_VERSION, suffix))
+ if not os.path.exists(asset_path):
+ asset_url = ('https://github.com/letsencrypt/pebble/releases/download/{0}/{1}_{2}'
+--
+2.23.0
+
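Review bot: The added `return "@pebble@"` at the top of `_fetch_asset` ignores both the `asset` and `suffix` arguments, so any caller asking for a different asset would get the pebble path as well. Callers are not visible in this hunk, so check whether `fetch` requests more than one binary. The early return also leaves the download code below it unreachable, and the patch has no message body saying why. A comment above the return would help, for example `# nixpkgs: use the packaged pebble binary; the build sandbox has no network and must not fetch release assets`. The body of `_fetch_asset` continues outside the hunk.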
diff --git a/pkgs/tools/admin/certbot/default.nix b/pkgs/tools/admin/certbot/default.nix
index 782af149ed6a..3448e3c81831 100644
--- a/pkgs/tools/admin/certbot/default.nix
+++ b/pkgs/tools/admin/certbot/default.nix
@@ -1,21 +1,27 @@
-{ stdenv, python3Packages, fetchFromGitHub, dialog }:
+{ stdenv, python37Packages, fetchFromGitHub, fetchurl, dialog, autoPatchelfHook, nginx, pebble }:
-python3Packages.buildPythonApplication rec {
+
+python37Packages.buildPythonApplication rec {
pname = "certbot";
- version = "0.31.0";
+ version = "0.39.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
- sha256 = "0rwjxmkpicyc9a5janvj1lfi430nq6ha94nyfgp11ds9fyydbh1s";
+ sha256 = "1s32xg2ljz7ci78wc8rqkjvgrz7vprb7fkznrlf9a4blm55pp54c";
};
- propagatedBuildInputs = with python3Packages; [
+ patches = [
+ ./0001-pebble_artifacts-hardcode-pebble-location.patch
+ ];
+
+ propagatedBuildInputs = with python37Packages; [
ConfigArgParse
acme
configobj
cryptography
+ distro
josepy
parsedatetime
psutil
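Review bot: The new function arguments `fetchurl` and `autoPatchelfHook` on the first line are not referenced anywhere in the hunks shown, so they appear to be leftovers from an earlier approach of downloading and patching a prebuilt pebble binary. If nothing outside the visible hunks uses them, reduce the header to `{ stdenv, python37Packages, fetchFromGitHub, dialog, nginx, pebble }:`. The switch from `python3Packages` to the pinned `python37Packages` is also unexplained. A one-line comment saying why the interpreter is pinned would save the next maintainer from guessing.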
@@ -26,11 +32,19 @@ python3Packages.buildPythonApplication rec {
zope_component
zope_interface
];
- buildInputs = [ dialog ] ++ (with python3Packages; [ mock gnureadline ]);
- patchPhase = ''
+ buildInputs = [ dialog ] ++ (with python37Packages; [ mock gnureadline ]);
+
+ checkInputs = with python37Packages; [
+ pytest_xdist
+ pytest
+ dateutil
+ ];
+
+ postPatch = ''
substituteInPlace certbot/notify.py --replace "/usr/sbin/sendmail" "/run/wrappers/bin/sendmail"
substituteInPlace certbot/util.py --replace "sw_vers" "/usr/bin/sw_vers"
+ substituteInPlace certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py --replace "@pebble@" "${pebble}/bin/pebble"
'';
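Review bot: Interpolating `${pebble}` in `postPatch` makes pebble a build-time dependency of certbot on every build, even though the later hunk sets `doCheck = false`. The same applies to `${nginx}` in the `checkPhase` string there. Consider applying the substitution only when checks are enabled, for example by wrapping that line in `stdenv.lib.optionalString doCheck`. Also note that `substituteInPlace --replace` may not fail when the pattern is absent, so if the patch ever stops applying cleanly the literal `@pebble@` could be left in place unnoticed. A comment saying that this line depends on `0001-pebble_artifacts-hardcode-pebble-location.patch` would make the coupling explicit.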
postInstall = ''
@@ -40,7 +54,15 @@ python3Packages.buildPythonApplication rec {
done
'';
- doCheck = !stdenv.isDarwin; # On Hydra Darwin tests fail with "Too many open files".
+ # tests currently time out, because they're trying to do network access
+ # Upstream issue: https://github.com/certbot/certbot/issues/7450
+ doCheck = false;
+
+ checkPhase = ''
+ PATH="$out/bin:${nginx}/bin:$PATH" pytest certbot-ci/certbot_integration_tests
+ '';
+
+ dontUseSetuptoolsCheck = true;
meta = with stdenv.lib; {
homepage = src.meta.homepage;
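Review bot: With `doCheck = false` and `dontUseSetuptoolsCheck = true`, this package now builds with no tests on any platform, whereas the old line ran the setuptools check everywhere except Darwin. The new `checkPhase` covers only `certbot-ci/certbot_integration_tests`, which the comment says needs network access, so the unit tests were dropped along with it. For a tool that handles account keys and certificate private keys, it would be better to keep the unit tests in the check phase with `doCheck = !stdenv.isDarwin;` and leave only the integration run disabled until the linked upstream issue is resolved. Whether the unit tests pass on 0.39.0 in the sandbox is not visible here. The `meta` block continues outside the hunk.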